What does GDPR mean for contact centers?
As a contact center, you’re at the heart of your organization’s engagement and the front line in customer service. You are therefore more than likely going to be exposed to, handle, use or store the personal data of your customers, which means that GDPR will apply to you.
Data security matters to consumers – your customers. Recent research by Thales e-Security revealed that half of consumers don’t believe commercial organizations care about their privacy. In fact, consumers are becoming increasingly reluctant to trust anyone with their personal information, especially in retail, banking or travel. What’s more, 77% suggested that a failure to comply with GDPR would negatively impact their perception of an organization.
Can you afford to lose your customers to the competition?
If you take card payments and GDPR is on your mind, it’s worth looking at PCI DSS solutions to help you on your path to compliance.
Taking card payments exposes your contact center to sensitive payment details. At the same time, you’ll be gathering personal information too – such as name, address, zip code or IP address. Using a PCI DSS secure payment solution such as CallGuard can help you make all this data secure.
have long held the belief that de-scoping your entire contact center is the most secure way to protect sensitive and personal data. Because, if you don’t store this information in your environment at all then it’ll be one less requirement that you need to worry about when it comes to
With data breaches, card data exposure, ransom attacks and other, increasingly clever, scams to obtain personal card data, it’s time to make sure your contact center is secure. Your customers take their data seriously, so you need to do the same to protect your business.
What is GDPR?
GDPR (General Data Protection Regulation) is intended to improve how data is protected and to increase the accountability of those that suffer data breaches.
GDPR is the most comprehensive data privacy regulation to date and allows individuals to have better control over their own data. Because of this, it presents challenges to organizations that process the personal data of any EU citizen. Any organization that handles or uses personal data from EU citizens is obligated to comply with GDPR, regardless of where it is based or headquartered. If you don’t, you could face heavy fines of up to €20 million or 4% of your global turnover.
GDPR and US companies
Any organization that has a physical presence in the EU should be familiar with the data protection laws, the relationship between EU and US data protection and what it needs to do for GDPR. The greater challenge is for US companies that do not have a footprint in Europe and simply offer goods or services to EU citizens. This is because GDPR now requires you to be compliant, whereas you were previously excluded.
Read the GDPR report for greater insight into the situation for US companies.
GDPR and Brexit
The UK Government has already stated that it will implement the same regulation for the UK so that after Brexit there will still be a common standard to apply to data protection between the EU and the UK. For that reason, compliance remains a priority for now and in the future.
What is ‘personal data’?
GDPR re-defines personal data as ‘any information relating to an individual, whether it relates to his, or her, private, professional or public life’. This is a wider definition than in previous data protection legislation.
Personal data could be:
- Home address
- Email address
- Bank details
- Social media posts
- Medical information
- A computer IP address
How can Eckoh solutions help?
Eckoh is a world-leading provider of secure payment and customer engagement solutions that address this very challenge. Our patented solution can, quite simply, make this personal data secure. If it’s not there, it can’t be stolen, so should you be unfortunate enough to suffer a data breach, no customer personal data would be lost. Our solutions are PCI DSS compliant and so can help towards your overall GDPR obligations.
The Payment Card Industry Data Security Standard (PCI DSS) addresses specific issues around storing, processing or transmitting sensitive card data. Achieving compliance with this standard will most definitely contribute to your overall GDPR compliance plan.
If PCI DSS is unfamiliar to you and you’re not sure what it can do for you, take a look at the PCI DSS Help page and the compliance solutions that Eckoh offers, from agent-assisted and automated payments to Live Chat Pay or Apple Pay. Alternatively, download the resources below for deeper insight.
The Definitive Guide
A practical guide to all you need to know about and how to get started.
The Rise in CNP Crime in Contact Centres
Find out what’s happening, who’s doing it and how you can combat it